The invention manages access to data items in a database that are arranged into a hierarchy of nodes. One or more access entries are associated with the hierarchy of nodes to associate a user property with an access level. Access to the data items is managed by matching one or more particular user properties associated with a user requesting the access to a user property in an access entry.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for managing access to data items, comprising: providing a relational database having data items arranged into a hierarchy of nodes; associating at least one access entry in the hierarchy of nodes directly with a node in the hierarchy of nodes, the node being a root node of a subtree in the hierarchy of nodes, wherein each of the at least one access entry associates a user property with an access level; and managing access to the data items based on the at least one access entry and a user property associated with a user requesting the access.
2. The method of claim 1, further comprising caching the access entries for subsequent access management.
3. The method of claim 1, further comprising receiving a request to access at least one of the data items.
4. The method of claim 1, wherein the user property for the at least one access entry is based on at least one of: a directory expression, a group designation, and a user attribute.
5. The method of claim 1, further comprising authenticating the user when access to the data items is first requested.
6. The method of claim 1, further comprising: defining a property string for an access entry, wherein the property string is based on a user property; defining an access level for the access entry; and storing the access entry in the relational database.
7. The method of claim 3, wherein the managing step comprises: obtaining a set of the data items based on the request; and processing the obtained data items based on the access entries.
8. The method of claim 3, further comprising: identifying a user making the request; and associating the user with a particular user property, wherein managing access to the data items is further based on matching the particular user property with a user property in one of the at least one access entry.
9. The method of claim 8, wherein the particular user property is based on at least one of: a directory expression, a group designation, and a user attribute.
10. The method of claim 8, wherein the particular user property is provided from a hierarchical directory structure for users in the organization.
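The claims attach access entries to subtree roots and match them against a user's properties, but do not say how entries on nested subtrees combine. The sketch below is an added example, not code from the patent: it assumes the nearest matching subtree root wins, the highest level wins among entries on that node, and no match means no access. Table names, property strings and access levels are constructed for illustration.

```python
import sqlite3

# Constructed sample data: a node tree plus access entries on subtree roots.
SCHEMA = """
CREATE TABLE node(id INTEGER PRIMARY KEY, parent_id INTEGER, name TEXT);
CREATE TABLE access_entry(node_id INTEGER, user_property TEXT, access_level TEXT);
INSERT INTO node VALUES (1,NULL,'root'),(2,1,'hr'),(3,2,'payroll'),(4,1,'eng');
INSERT INTO access_entry VALUES
  (1,'group:employees','read'),
  (2,'group:hr','write'),
  (3,'group:hr','read'),
  (3,'attr:title=payroll-admin','write');
"""

# Walk from the requested node up to the root, then keep only entries whose
# user_property is one of the requesting user's properties.
ANCESTOR_ENTRIES = """
WITH RECURSIVE chain(id, parent_id, depth) AS (
  SELECT id, parent_id, 0 FROM node WHERE id = ?
  UNION ALL
  SELECT n.id, n.parent_id, c.depth + 1
  FROM node n JOIN chain c ON n.id = c.parent_id
)
SELECT c.depth, e.access_level
FROM chain c JOIN access_entry e ON e.node_id = c.id
WHERE e.user_property IN ({marks})
ORDER BY c.depth
"""

RANK = {"none": 0, "read": 1, "write": 2}  # assumed ordering of access levels

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def effective_level(db, node_id, user_properties):
    """Resolve the access level for a node from entries on it and its ancestors."""
    props = list(user_properties)
    if not props:
        return "none"  # default deny: a user with no properties matches nothing
    # Property strings are bound as parameters, never spliced into the SQL text.
    sql = ANCESTOR_ENTRIES.format(marks=",".join("?" * len(props)))
    rows = db.execute(sql, [node_id, *props]).fetchall()
    if not rows:
        return "none"  # default deny: no entry on the path to the root matched
    nearest = rows[0][0]  # depth of the closest subtree root with a match
    return max((lvl for d, lvl in rows if d == nearest), key=RANK.__getitem__)
```

Under this policy an entry on a deeper subtree can narrow what an ancestor granted: `group:hr` has write on `hr` but only read on `payroll`.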
December 20, 2002
January 21, 2014